The GTIR is based on threat intelligence and attack data from the NTT Group companies, which include Solutionary, NTT Com Security, Dimension Data and NTT Data, with support from NTT R&D. The security experts analyzed approximately three billion worldwide attacks that occurred in 2013. The Finance and Technology industries are the most targeted by attackers, who mainly used botnets for their offensives. The majority of the vulnerabilities listed in the report are related to patch management, firewall and application settings.

The report correctly highlights the need to find solutions that best balance cost and risk. The document is based on real-world case studies, and it offers recommendations and strategies to mitigate the threats and reduce their impact on company operations.

The impact of cyber threats is even more dangerous and does not depend strictly on the size of the organization (e.g. SMBs, enterprises) or on the physical location of the victims.

“The rise of borderless capabilities overwhelms and breaks the implementation of traditional security controls. Managing the perimeter is the new paradigm. While the traditional perimeter was between “us” and “them” it has changed to include our partner or team for today which will be different than the one for tomorrow.” states the Global Threat Intelligence Report (GTIR).

It’s crucial to consider each enterprise as a living entity that grows and interacts with actors such as customers and contractors; its employees are spread around the world, demanding resources and exchanging information. Data is the real value of a company, and the security model must focus on protecting functionality, data and assets. Security must be built into applications by design, a simple and overused concept that is often ignored by the IT community.

“It’s not just how well the application is secured; but how well it is developed, architected, configured and maintained over time which matters.”

Key findings in the 2014 GTIR include:

Cost for a ‘minor’ SQL injection attack exceeds $196,000 – Organizations must realize the true cost of an incident and learn how a small investment could reduce losses by almost 95 per cent. Case Study: “Massive Data Exfiltration via SQL Injection”.

Anti-virus fails to detect 54 per cent of new malware collected by honeypots – Additionally, 71 per cent of new malware collected from sandboxes was also undetected by over 40 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.

43 per cent of incident response engagements were the result of malware – Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organization $109,000.

Botnet activity takes an overwhelming lead at 34 percent of events observed – Almost 50 per cent of botnet activity detected in 2013 originated from US based addresses. The fact that healthcare, technology and finance account for 60 per cent of observed botnet activity reflects the information worker burden that accompanies these industries.

Healthcare has observed a 13 per cent increase in botnet activity – Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.

Define and test incident response: an efficient incident response could help to minimize the impact of security breaches.

Take advantage of new technologies and techniques, including capabilities such as application isolation techniques, micro VMs, sandboxing and machine learning. These technologies, which focus on application control and isolation, incident containment and rapid detection via behavioral analytics, are likely to grow in importance.

I suggest you carefully read the report, which is full of interesting data.

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.